The nature of wireless communication networks makes them very susceptible to attack. Various security methods are currently implemented to secure wireless communications between wireless transmit/receive units (WTRUs) and other WTRUs, and between WTRUs and wireless access points (APs). These security methods include, for example, various types of encryption, which is the process of encoding information in such a way that only a recipient with the appropriate key can decode the information. Other technologies for protecting wireless data include, for example, error-correcting codes, checksums, hash functions (including message authentication codes), digital signatures, secure socket layer (SSL) technology, and the like.
Various wireless communication networks employ various security technologies. For example, an IEEE 802.11a/b wireless local area network (WLAN) employs wired equivalent privacy (WEP), a symmetric key encryption scheme, for securing wireless communications across a wireless network. An IEEE 802.11i WLAN employs Wi-Fi protected access (WPA) for securing wireless communications across the network. Cellular networks, for example GSM and UMTS networks, use the Authentication and Key Agreement Protocols (AKA), which utilize integrity keys, cipher keys, and anonymity keys. These keys form the basis for the confidentiality, integrity, authentication, and anonymity of the security system. Typically, the security method or technology utilized is dictated by the applicable standards.
These security technologies require large amounts of computational power, thereby creating a potential bottleneck in the speed at which the network operates. For example, a Palm™ III-X handheld WTRU requires 3.4 minutes to perform 512-bit RSA key generation and 7 seconds to perform digital signature generation, and can perform DES encryption at no more than 13 kbps. Increased electrical power consumption is an additional drawback associated with highly secure encryption algorithms.
Accordingly, the competing interests of data security and network performance typically result in a fixed level of network security. Generally, the data rate of a network is inversely proportional to the security level of the network. That is, increasing a wireless network's security decreases the rate at which data can be conveyed across the network. The security parameters selected by a network administrator typically optimize these competing interests for a particular use of the wireless communication network.
FIG. 1 is an illustration of a conventional wireless communication network 100 operating with a fixed security level. The network shown in FIG. 1 is a wireless local area network (WLAN), such as one typically found in homes and small businesses. An access point 110 connects the WLAN to the Internet 120 and an intranet 125, and routes data transmitted between a plurality of WTRUs 130 generally, and 130₁, 130₂, 130₃ specifically, within a trust zone 140 extending a predetermined distance from the wireless access point 110. The WTRUs 130 possess the appropriate encryption key or other required information, depending on the nature of the security technology utilized by the network 100.
The security level maintained among devices operating within the trust zone 140 of the network 100 is static; it will not change unless the security settings are adjusted or the security is turned off by the system administrator. To illustrate, an intruder WTRU 150 is located outside the trust zone 140 at position A. When the intruder WTRU 150 enters into the trust zone 140 at position B, the security level of the system remains unchanged. The intruder WTRU 150 either has the necessary encryption key or other information as required by the security technology currently in use, or it does not. If the intruder WTRU 150 possesses the appropriate encryption key or other necessary information, the intruder WTRU 150 may then access the network 100. If, however, the intruder WTRU 150 does not possess the required encryption key or other necessary information, the intruder WTRU 150 will be unable to communicate with the network 100.
Accordingly, the network 100 unnecessarily utilizes large amounts of resources on security when only trusted WTRUs 130 are operating within the network 100. As a result, the network 100 sacrifices the ability to provide higher data rates by maintaining unnecessarily high security levels when only trusted WTRUs 130 are operating within the trust zone.
Therefore, a method for providing variable security in a wireless communication network is desired.